The Profile of a Hack
Implantable or wearable medical devices (e.g., pacemakers, insulin pumps, etc.) are controlled via small computers within the units themselves. These computers are accessed and controlled via standard electromagnetic communications protocols. Therefore, any sufficiently powerful and/or nearby electromagnetic signal has the potential to disrupt or re-program such devices.
Currently, the majority of medical cyber-attacks occur at hospitals, insurance companies, or clinics where clear communications can be achieved using the facility’s own computer networks. Infusion pumps at these types of facilities have been “taken over” as a demonstration of vulnerability. As such, the FDA has asked for steps to be taken to “harden” such networks and devices.
How Are Hacks Defeated Today?
Currently, the device manufacturers are attempting to use the same cybersecurity tactics that computers use (encryption, firewalls, etc.) to defeat hacking. Such efforts have been only marginally effective in computers and there is no reason to believe these approaches can be any more successful with medical devices. Additionally, there is extremely limited space available within implantable devices for the components needed to accommodate such efforts (e.g., limited memory capability, limited battery-life, limited micro-processor capabilities, etc.).
There is not now, has never been, and will never be a software program that another sophisticated software program will not eventually defeat.
With this in mind, some manufacturers are attempting to increase the sensitivity and selectivity of their devices by decreasing the proximity distance the reading and control devices must achieve before contact is granted. This is a “band-aid” solution that may be easily overcome via a more powerful electromagnetic field.
New Technology Offers a Paradigm Shift
Hackers will continue to challenge and defeat conventional software-based security systems including those deployed in medical devices.
A promising new hardware-based technology will change the medical device cybersecurity landscape forever. This hardware solution acts as a “communications gatekeeper” for medical devices such as cardiac pacemakers. The device facilitates communications to and from the pacemaker only when activated by its companion hardware component.
The device is inherently “hardened” against external attack and all of the technology, materials, and communications protocols are already in use in FDA-approved devices. The system stops unwanted or nefarious frequencies from entering the medical device and requires a multimedia access process before allowing any outside communications.
The underlying technology is patented and proven in other applications and will soon debut in the healthcare field.
Daniel L. Greene, Ph.D. is the chief operations officer at Tueor Technologies. At the same company, James M. Hair III, Ph.D. is the chief science officer.